pull up r20182 from trunk
authorTom Yu <tlyu@mit.edu>
Sat, 15 Dec 2007 01:22:17 +0000 (01:22 +0000)
committerTom Yu <tlyu@mit.edu>
Sat, 15 Dec 2007 01:22:17 +0000 (01:22 +0000)
 r20182@cathode-dark-space:  tlyu | 2007-12-14 00:14:11 -0500
 ticket: 5853
 target_version: 1.6.4
 tags: pullup

 fix CVE-2007-5894: apparent uninit length in ftpd.c:reply()

ticket: 5853
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20183 dc483132-0cff-0310-8789-dd5450dbe970

src/appl/gssftp/ftpd/ftpd.c

index 94b40dcc5be8c4cda68b19694208990c7355508f..fce090d09b91d122bbd18062310096bb442549fa 100644 (file)
@@ -1823,7 +1823,7 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5)
                 * radix_encode, gss_seal, plus slop.
                 */
                char in[FTP_BUFSIZ*3/2], out[FTP_BUFSIZ*3/2];
-               int length, kerror;
+               int length = 0, kerror;
                if (n) sprintf(in, "%d%c", n, cont_char);
                else in[0] = '\0';
                strncat(in, buf, sizeof (in) - strlen(in) - 1);